• Title/Summary/Keyword: intrusion

The Study on the Automated Detection Algorithm for Penetration Scenarios using Association Mining Technique (연관마이닝 기법을 이용한 침입 시나리오 자동 탐지 알고리즘 연구)

  • 김창수;황현숙
    • Journal of the Korea Institute of Information and Communication Engineering / v.5 no.2 / pp.371-384 / 2001
  • These days, intrusions into systems in the internet environment are continuously increasing. The methods of intrusion detection can be largely classified into anomaly detection and misuse detection. The former uses statistical methods and feature selection methods to detect intrusion; the latter uses conditional probability, expert systems, state transition analysis, and pattern matching. Existing studies on IDS (intrusion detection systems) use combined methods. In this paper, we propose a new intrusion detection algorithm that combines state transition analysis and association mining techniques. For intrusion detection, the first step generates a state table for commands transmitted through the network. This method is similar to existing state transition analysis. The next step decides whether or not an intrusion has occurred using the association mining technique. Following these processing steps, we present an automated generation algorithm for penetration scenarios.

Intrusion Detection Using Log Server and Support Vector Machines

  • Donghai Guan;Donggyu Yeo;Lee, Juwan;Dukwhan Oh
    • Proceedings of the Korean Information Science Society Conference / 2003.10a / pp.682-684 / 2003
  • With the explosive expansion of computer use during the past few years, security has become a crucial issue for modern computer systems. Today, there are many intrusion detection systems (IDS) on the Internet. A variety of intrusion detection techniques and tools exist in the computer security community, such as enterprise security management systems (ESM) and system integrity checking tools. However, there is a potential problem with intrusion detection systems that are installed locally on the machines to be monitored. If the system being monitored is compromised, it is quite likely that the intruder will alter the system logs and the intrusion logs while the intrusion remains undetected. In this project, KIT-I, we adopt a remote logging server (RLS) mechanism, which is used to back up the log files to the server. For security, we make use of the SSL functionality of Java and certificate authority (CA) based key management. Furthermore, a Support Vector Machine (SVM) is applied in our project to detect intrusion activities.

A Study on Intrusion Detection Techniques using Risk Level Analysis of Smart Home's Intrusion Traffic (스마트 홈의 위험수준별 침입 트래픽 분석을 사용한 침입대응 기법에 대한 연구)

  • Kang, Yeon-I;Kim, Hwang-Rae
    • Journal of the Korea Academia-Industrial cooperation Society / v.12 no.7 / pp.3191-3196 / 2011
  • Smart home systems are being installed in most newly constructed buildings for the convenience of daily living. As smart home systems become more common and their diffusion rates are faster, hackers' attacks on smart home systems will increase. In this paper, Risk level of smart home's to do respond to intrusion that occurred from the wired network and wireless network intrusion cases and attacks can occur in a virtual situation created scenarios to build a database. This is based on the smart home users vulnerable to security to know finding illegal intrusion traffic in real-time and attack prevent was designed the intrusion detection algorithm.

A new perspective towards the development of robust data-driven intrusion detection for industrial control systems

  • Ayodeji, Abiodun;Liu, Yong-kuo;Chao, Nan;Yang, Li-qun
    • Nuclear Engineering and Technology / v.52 no.12 / pp.2687-2698 / 2020
  • Most of the machine learning-based intrusion detection tools developed for Industrial Control Systems (ICS) are trained on network packet captures, and they rely on monitoring network layer traffic alone for intrusion detection. This approach produces weak intrusion detection systems, as ICS cyber-attacks have a real and significant impact on the process variables. A limited number of researchers consider integrating process measurements. However, in complex systems, process variable changes could result from different combinations of abnormal occurrences. This paper examines recent advances in intrusion detection algorithms, their limitations, challenges and the status of their application in critical infrastructures. We also introduce the discussion on the similarities and conflicts observed in the development of machine learning tools and techniques for fault diagnosis and cybersecurity in the protection of complex systems and the need to establish a clear difference between them. As a case study, we discuss special characteristics in nuclear power control systems and the factors that constrain the direct integration of security algorithms. Moreover, we discuss data reliability issues and present references and direct URLs to recent open-source data repositories to aid researchers in developing data-driven ICS intrusion detection systems.

Identification of Contaminant Injection in Water Distribution Network

  • Marlim, Malvin Samuel;Kang, Doosun
    • Proceedings of the Korea Water Resources Association Conference / 2020.06a / pp.114-114 / 2020
  • Water contamination in a water distribution network (WDN) is harmful since it directly induces the consumer's health problem and suspends water service in a wide area. Actions need to be taken rapidly to countermeasure a contamination event. A contaminant source identification (CSI) is an important initial step to mitigate the harmful event. Here, a CSI approach focused on determining the contaminant intrusion possible location and time (PLoT) is introduced. One of the methods to discover the PLoT is an inverse calculation to connect all the paths leading to the report specification of a sensor. A filtering procedure is then applied to narrow down the PLoT using the results from individual sensors. First, we spatially reduce the suspect intrusion points by locating the highly suspicious nodes that have similar intrusion time. Then, we narrow the possible intrusion time by matching the suspicious intrusion time to the reported information. Finally, a likelihood-score is estimated for each suspect. Another important aspect that needs to be considered in CSI is that there are inherent uncertainties, such as the variations in user demand and inaccuracy of sensor data. The uncertainties can lead to overlooking the real intrusion point and time. To reflect the uncertainties in the CSI process, the Monte-Carlo Simulation (MCS) is conducted to explore the ranges of PLoT. By analyzing all the accumulated scores through the random sets, a spread of contaminant intrusion PLoT can then be identified in the network.

Deep Packet Inspection for Intrusion Detection Systems: A Survey

  • AbuHmed, Tamer;Mohaisen, Abedelaziz;Nyang, Dae-Hun
    • Information and Communications Magazine / v.24 no.11 / pp.25-36 / 2007
  • Deep packet inspection is widely recognized as a powerful technique used in intrusion detection systems for inspecting, deterring and deflecting malicious attacks over the network. Fundamentally, almost all intrusion detection systems have the ability to search through packets and identify contents that match known attacks. In this paper, we survey deep packet inspection implementation techniques, research challenges and algorithms. Finally, we provide a comparison between the different applied systems.

An Evaluation Method on Intrusion Detection System using Fuzzy Integrals (퍼지적분을 이용한 침입탐지시스템 평가방법)

  • 김미혜
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.2 / pp.113-121 / 2004
  • As the types of intrusion detection have become more diverse with the rapid spread of the internet, many intrusion detection systems have been developed. In this paper, we propose a novel evaluation of the evaluation criteria for intrusion detection systems using fuzzy integrals.

A Text Mining-based Intrusion Log Recommendation in Digital Forensics (디지털 포렌식에서 텍스트 마이닝 기반 침입 흔적 로그 추천)

  • Ko, Sujeong
    • KIPS Transactions on Computer and Communication Systems / v.2 no.6 / pp.279-290 / 2013
  • In digital forensics, log files are stored as large data sets for the purpose of tracing users' past behaviors. It is difficult for investigators to manually analyze the large log data without clues. In this paper, we propose a text mining technique for extracting intrusion logs from a large log set to recommend reliable evidence to investigators. In the training stage, the proposed method extracts intrusion association words from a training log set by using the Apriori algorithm after preprocessing, and the probability of intrusion for association words is computed by combining support and confidence. Robinson's method of computing confidences for filtering spam mails is applied to extracting intrusion logs in the proposed method. As a result, the association word knowledge base is constructed by including the weights of the probability of intrusion for association words to improve the accuracy. In the test stage, the probability of intrusion logs and the probability of normal logs in a test log set are each computed by Fisher's inverse chi-square classification algorithm based on the association word knowledge base, and intrusion logs are extracted by combining the results. Then, the intrusion logs are recommended to investigators. The proposed method uses a training method that clearly analyzes the meaning of data from unstructured large log data. As a result, it compensates for the reduction in accuracy caused by data ambiguity. In addition, the proposed method recommends intrusion logs by using Fisher's inverse chi-square classification algorithm. Thus, it reduces the false positive (FP) rate and decreases the laborious effort of extracting evidence manually.

Ethical Consciousness: Passive Privacy Intrusion versus Active Privacy Intrusion on a SNS (윤리의식: SNS상의 수동적 개인정보 침해와 능동적 개인정보 침해)

  • Sanghui Kim;DongBack Seo
    • Information Systems Review / v.24 no.4 / pp.55-76 / 2022
  • People have adopted Social Networking Sites (SNSs) as a part of their daily lives. When a person uses SNSs, (s)he intentionally or unintentionally discloses her/his personal information. Although using SNSs can provide benefits to a person, such as maintaining relationships with people whom one does not see often, it also opens a dark side. Someone can use one's disclosed information without the acknowledgement of the information owner. This is called a privacy intrusion on SNSs, which has become a social problem and needs attention. This study examined factors affecting privacy intrusion intention on SNSs. This study classifies privacy intrusions into passive intrusion (collector) and active intrusion (distributor). The results reveal that low ethical consciousness positively affects enjoyment in both collecting and distributing someone's personal information on SNSs. A person who has low ethical consciousness also tends to have heightened curiosity about collecting someone's private information on SNSs. Apart from low ethical consciousness, this study discloses, with survey data, how enjoyment, curiosity, experience of being a victim of privacy intrusion, experience of intruding on others' privacy, and self-efficacy of collecting or distributing others' private information are related to passive and/or active privacy intrusion on SNSs.

Estimation of Seawater Intrusion Range in the Daechang Area Using 3D-FEMWATER Model (3D-FEMWATER 모델을 이용한 대창지역의 해수침투 범위추정)

  • Kim Kyoung-Ho;Park Jae-Sung;Lee Ho-Jin;Youn Ju-Heum
    • Journal of The Korean Society of Agricultural Engineers / v.47 no.5 / pp.3-13 / 2005
  • The present study examined the 3 dimensional space distribution characteristics of sea water intrusion using data available from previous observations. For this study, we used 3D FEMWATER, which is a 3 dimensional finite element model. The target area was around Daechang-ri, Gimje-si, Jeollabuk-do. The area is relatively easy to formulate a conceptual model and has observation wells in operation for surveying sea water intrusion. Considering the uncertainty of numerical simulation, we analyzed sensitivity to hydraulic conductivity, which has a relatively higher effect. According to the result of the analysis, the variation of TDS concentration had an error range of $-1{,}336 \sim +107$ mg/L. Taking note that the survey data from observation wells were collected when the boundary between fresh water and sea water in the aquifer was in equilibrium, we set the range of time for numerical simulation and estimated the spatial distribution of TDS concentration as the range of sea water intrusion. According to the result of estimation, the spatial distribution of TDS concentration calculated when 1,440 days were simulated was taken as the range of sea water intrusion. Using the result of calculation, we can draw not only vertical views for a certain section but also horizontal views of different depth. These views will be greatly helpful in understanding the spatial distribution of the range of sea water intrusion. In addition, the result of this study can be used rationally in proposing an optimal quantity of water pumping through investigating the moving route of sea water intrusion over time in order to prevent excessive water pumping and to maintain an optimal number of water pumping wells per interval.